The social media platform Discord announced a major data breach, including at least 70,000 photo IDs, personal information, and credit card details. The breach, as reported by Discord, was not from its internal systems but a third-party service (Zendesk) used by Discord for ‘customer service efforts’.

“An unauthorised party targeted our third-party customer support services to access user data, with a view to extort a financial ransom from Discord,” read a statement from Discord.

The data includes personal information, such as name, email ID and contact information; billing information, such as the last four digits of cards and transaction history; IP addresses, messages with customer service, government photo ID, and corporate data. The government photo ID were accessed by the third party for age verification. The statement also clarified that full credit card details or CVV numbers were not leaked. Similarly, password authentication details, messages on Discord beyond those with the customer service executives were safe. It also confirmed that only those users who have connected with a customer service executive are exposed to the attack.

Discord is a San Francisco-based popular messaging platform which is popular among gamers and developers. It hosts approximately 200 million users worldwide.

Discord claimed in the statement that it had revoked the ‘customer support provider’s access to our ticketing system’ and connected with law enforcement agencies for further investigation into the matter. It has urged users to remain vigilant over any possible text messages they might receive in the next couple of weeks. It has also launched an internal investigation with a leading computer forensics firm to push for remedial measures. This is the third time the platform has faced a cyber attack, which resulted in a data breach. The most significant was one in August 2023, when the Discord.io service was compromised and approximately 760,000 user accounts were affected.